Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

We’re excited to announce a powerful new integration between Mend.io and Microsoft Defender for Cloud (MDC)—a step forward in our mission to bring intelligent, actionable, and context-rich open source security directly into the cloud security workflow. As organizations embrace cloud-native architectures, security teams face the growing challenge of identifying and prioritizing the open source software risks that truly matter.

Keeper Security has once again earned the coveted title of “Test Winner” in a recent comparison of top password managers conducted by CHIP Magazine, a leading consumer technology publication in Germany. This achievement marks Keeper’s third consecutive win, following its 2023 and 2024 triumphs. In the April 2025 edition of CHIP, the magazine’s dedicated test center rigorously evaluated Keeper Password Manager alongside 10 other leading solutions.

In this week’s episode of The Future of Security Operations podcast, I'm joined by Josh Lemos, CISO at GitLab. Throughout his 15-year career in security, Josh has led teams at ServiceNow, Cylance, and Square. Known for his expertise in AI-driven security strategies, Josh is also a board member with HiddenLayer. He drives innovation at GitLab with a relentless focus on offensive security, identity management, and automation. Josh and I discuss.

The FBI is set to report that ransomware was the most pervasive cybersecurity threat to US critical infrastructure during the year of 2024. As Reuters reports, complaints of ransomware attacks against critical sectors have jumped 9% over the previous year.

Ransomware has evolved from a distant “I hope it doesn’t happen to us” threat to an insidious, worldwide crisis. Among the sectors most affected is manufacturing, which has found itself more and more in attackers’ crosshairs. Manufacturing has long viewed itself as immune to digital crime, but ransomware attackers have belied this belief.

Let’s face it: The cloud has become the go-to platform for modern infrastructure—and for good reason. Scalability, flexibility, and speed are hard to beat. But as organizations increasingly rely on the cloud to run their critical operations, the threat landscape is evolving just as fast. And attackers? They’re getting smarter, stealthier, and more cloud-savvy by the day. That’s why monitoring cloud network traffic is no longer optional—it’s essential.

Today, Kovrr, the leading global provider of on-demand cyber risk quantification (CRQ) solutions, announced the launch of its CRQ-powered cyber risk register, a first-of-its-kind SaaS-based tool designed to provide security and risk managers (SRMs) with quantified insights that enhance cyber governance, risk, and compliance (GRC) initiatives.

As our reliance on digital devices and technologies has increased, so have concerns about the negative effects of excessive screen time on mental and physical health. As a result, many people are choosing digital detox as a structured way to disconnect, improve well-being, and have greater control over their digital footprint.

Kroll continues to observe widespread attempted initial access through CLEARFAKE via fake CAPTCHA pop-ups across a wide range of industry sectors. As detailed in previous Kroll reporting, CLEARFAKE is a malicious in-browser JavaScript framework deployed on compromised webpages as part of drive-by compromise campaigns. Although CLEARFAKE continues to show the same themes surrounding its use alongside fake CAPTCHA pop-ups, there are also a wide range of nuances that have appeared in the past few months.

For Managed Service Providers (MSPs), ransomware attacks aren’t just a security issue, they’re a business-killing risk. In 2020, the average cost of downtime caused by ransomware was $274,200 — nearly double what it was the year before. Now, imagine you’re an MSP responsible for multiple clients, each relying on your service for their critical operations.